Cyber Threats Every Financial Services Firm Must Study Up On

The financial services industry is among the sectors most heavily targeted by cybercriminals. In 2015 we saw a surge in attacks that involved extortion, social engineering, credential-stealing malware and sophisticated threats. Here’s what Alastair Paterson writes on SecurityWeek about the seven biggest cyber threats faced by financial firms:

1. Extortion. Two main actors, DD4BC and the Armada Collective, led the way in Distributed Denial of Service (DDoS) extortion in 2015. They use similar TTPs to extort Bitcoins from victims, beginning by notifying them that they are vulnerable to a DDoS attack, then increasing both the attack activity and the ransom demand if they are ignored. By the end of the year more bad actors had jumped into the fray, including a group called Hacker Buba, which began tweeting links to customers’ private financial data when its extortion attempts were unsuccessful.

2. Social media attacks. There were several notable examples of attackers misusing social media, hiding behind fake profiles to gain trust and extract information for social engineering purposes. Toward the latter part of 2015 both Facebook and Twitter began proactively monitoring for suspicious activity and notifying users if they believed their accounts had been targeted or compromised.

3. Spear phishing and whaling. Spear phishing attacks use reconnaissance to make messages appear more genuine. They masquerade as a legitimate individual or institution and co-opt that established trust to coerce the target into providing credentials to the attacker. Whaling, targeting multiple victims for larger sums of money, takes this method to the next level and escalated in 2015. It involves spoofing executives’ emails, often those of CEOs, to dupe finance departments into making large transfers into fraudulent accounts. The directive often includes a URL that appears to be a legitimate financial services website but in fact redirects the target to an alternative site.

4. Point-of-Sale malware. PoS systems remain a target for criminals despite the adoption of the Europay, MasterCard and Visa (EMV) standard. A number of variants of PoS malware, including LusyPOS and BlackPOS, have been observed recently. There is also some evidence that cloning of EMV credit cards is possible.

5. ATM malware. Various ATM-specific malware threats were discovered in 2015. GreenDispenser infects ATMs and allows criminals to extract large sums of money while avoiding detection. Reverse ATM attacks also emerged. These attacks use a combination of compromised PoS terminals and ‘money mules’ to reverse transactions after money has been withdrawn physically or sent to another bank account.

6. Other notable threats. Credential-stealing malware targeting banking customers is on the rise. For example, Dridex was very active in 2015 and garnered significant international law-enforcement attention. Exploit kits, which offer a user-friendly way for attackers to infect victims, are also highly active, with some of the more popular kits, like the Angler Exploit Kit, incorporating the ability to take advantage of new vulnerabilities extremely quickly.

7. Sophisticated financial services threats. Throughout 2015 multiple threat actors used sophisticated TTPs to infiltrate organizations and exfiltrate valuable data. Typical TTPs include social engineering such as spear phishing, network intrusion techniques, and custom malware toolsets and utilities. Examples of such threats include Desert Falcon and Equation Group, which target multiple geographies and multiple sectors, including financial services. An organized gang named Anunak/Carbanak targeted financial institutions specifically. This particularly advanced group broke into internal networks, installed malicious software and took control of victims’ machines to drain bank ATMs of cash and steal money using the SWIFT network.
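
The whaling pattern in item 3 (an executive's name on the message, and a link that displays one site but leads to another) can be screened for at the mail gateway. The following is an added example, not code from the original article; the domain, executive name, sample message and function names are all assumptions constructed for illustration.

```python
import email.policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
ORG_DOMAIN = "examplebank.test"  # assumed: the firm's own mail domain
EXECUTIVES = {"jane doe"}        # assumed: executive display names, lower-cased
# Constructed sample message, not taken from a real incident.
SAMPLE = """\
From: "Jane Doe" <jane.doe@examplebank-mail.test>
Subject: Urgent wire transfer
Content-Type: text/html; charset="utf-8"

<p>Approve today: <a href="http://portal.other-host.test/login">www.partnerbank.test</a></p>
"""

class LinkCollector(HTMLParser):  # collects [href, visible text] per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host(value):  # hostname of a URL, or of bare text that looks like one
    try:
        return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:  # malformed text such as unbalanced brackets
        return ""

def whaling_indicators(raw):
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []
    # Indicator 1: an executive's display name on a sender outside the firm's domain.
    name, addr = parseaddr(str(msg["From"]))
    if name.lower() in EXECUTIVES and addr.rpartition("@")[2].lower() != ORG_DOMAIN:
        findings.append("executive display name on an external sender domain")
    # Indicator 2: link text that names one host while the href targets another.
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        shown = host(text.strip())
        if "." in shown and " " not in shown and shown != host(href):
            findings.append(f"link text shows {shown} but points to {host(href)}")
    return findings
```

Both checks are static: a link whose visible text and href agree but whose target later redirects elsewhere is not caught here and needs URL detonation or click-time rewriting at the gateway.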

The financial services sector will likely continue to experience cyber threats more frequently than other industries and from threat actors with access to a range of TTPs. While companies and law enforcement are working together to identify and stop these attacks and the groups behind them, financially-motivated cybercriminals never rest. Organizations must continue their quest for better threat protection and risk mitigation. By understanding which malicious actors may target an institution, why, and their methods of attack, financial services firms can enhance their cyber situational awareness and make more informed decisions about where and how to focus their security resources.

Oliver Wright is an international lawyer, financier, and published author. He is the Founder and CEO of Vanquish Merchant Bank. His writings appear in journals such as the Harvard Journal of International Press-Politics. For six years Oliver was an international litigator and corporate attorney practicing cross-border mergers and acquisitions at Gibson, Dunn & Crutcher, the top ranked litigation firm in the country. Oliver Wright holds dual Master and Doctor of Law degrees in International and Comparative Law from Cornell Law School, where he graduated with honors and was Editor of the Cornell Law Review. He was class major valedictorian at UCLA, where he graduated summa cum laude, Phi Beta Kappa with a BA in Communications Studies.